Friday, August 11, 2006

Microsoft Security Bulletin MS06-040

Hi folks,

Despite the current furor about MS06-040, which Microsoft describes as a "Vulnerability in Server Service [that] Could Allow Remote Code Execution" I don't think it's really such a huge deal. Yes, there are proof of concepts (POCs) circulating that show how to exploit this vulnerability but, as far as I can tell, it can be easily blocked by anyone who's running a firewall, even Windows firewall. Corporates should be more than adequately protected by perimeter firewalls. The rumors are already rampant that it will be used in a worm or a bot very soon, but it's hard to see even that causing major problems for anyone taking normal security precautions (anti-virus, anti-spyware, firewall).

Of much greater concern, in my opinion, is MS06-042, which affects Internet Explorer. This is where the attacks are likely to come, so we'll be monitoring any activity on that front very closely.